Topic: About the recent attack - page 2. (Read 14041 times)

legendary
Activity: 1204
Merit: 1015
October 08, 2013, 12:52:33 PM
#87
Because it will be fixed if you reveal it and you lose access.

Not if you've got more than the backdoor you revealed.
You would have to have an additional whole SMF exploit to safely reveal your access, because when backdoors are suspected, people usually sanitize everything - just as we did here. Not even a backdoor embedded in the BIOS would have survived the cleanup that theymos did, since we completely changed hardware and rebuilt everything from the ground up. A backdoor in the database might still exist, but theymos looked pretty hard for those. So, other than that, the only way this guy is getting back in is if he has an exploit that anyone could have found.

The backdoor is specific to the forum. It's probably something as simple as eval() with certain arguments passed in obscure and unintended methods.
Probably...
vip
Activity: 1316
Merit: 1043
👻
October 08, 2013, 03:22:27 AM
#86
The backdoor is specific to the forum. It's probably something as simple as eval() with certain arguments passed in obscure and unintended methods.
hero member
Activity: 952
Merit: 1009
October 08, 2013, 03:17:12 AM
#85
Because it will be fixed if you reveal it and you lose access.

Not if you've got more than the backdoor you revealed.
hero member
Activity: 574
Merit: 500
October 08, 2013, 03:00:37 AM
#84
re enable BlackBox theme, this one is way too white
+1.
legendary
Activity: 938
Merit: 1000
chaos is fun...…damental :)
October 08, 2013, 02:55:37 AM
#83
re enable BlackBox theme, this one is way too white
legendary
Activity: 1708
Merit: 1020
October 08, 2013, 02:45:09 AM
#82
SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.
1.x makes perfect sense then. Maybe the sanitizing part can be backported/improved.

Are there any logs of hacking action? When was the backdoor placed again?


The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Why not reveal it?  It was going to be discovered eventually by those trying to fix the forum and revealing that a two year old backdoor was used made it more difficult for theymos to claim it was some new, previously unheard of exploit.  There's some lulz to be had when you tell someone how you did something just after it happens and it still takes them days to find and fix the problem.
Because it will be fixed if you reveal it and you lose access.

There are plenty of other much worse things the hacker could have done, that would even have made him money. Hopefully we are lucky and it was a gray hat. On the other hand - who would like to really call for the wrath of this forum...
hero member
Activity: 1246
Merit: 501
October 08, 2013, 02:21:29 AM
#81
So, if there are so many problems with SMF, why does theymos still use it?  There must be some open-source forum software that could be used.

Usually laziness.  Most forum software will import the database from other forums.  There's plenty - phpBB is the biggest one, OK it has its problems too, but it's being worked on constantly by the developers.
hero member
Activity: 1246
Merit: 501
October 08, 2013, 02:19:38 AM
#80
Well, this could well be coincidence, but someone's been trying very hard to get in to my iCloud account the past day or so.  The iCloud username is the same as the email I used here (a GMail account).

I've reset both the GMail and iCloud account passwords, and put double auth on the GMail, but it's annoying getting "iForgot" emails every 15 minutes...
legendary
Activity: 2884
Merit: 1115
Leading Crypto Sports Betting & Casino Platform
October 08, 2013, 12:50:02 AM
#79
2011 Wow that is an old exploit, whoever broke into the system bided their time executing that code.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
October 08, 2013, 12:45:04 AM
#78
So, if there are so many problems with SMF, why does theymos still use it?  There must be some open-source forum software that could be used.   At least in that case the skills of the thousands of people using this forum and offering opinions about the code could be put to some profitable use.  Right?
hero member
Activity: 495
Merit: 507
October 07, 2013, 09:44:52 PM
#77
As a side note, are there any new restrictions on avatars now, namely the ability to change them?

I have an 80x80 gif I'd like to use that comes out to either 21 or 28k depending, no mention in the usercp about restrictions.
hero member
Activity: 868
Merit: 1000
October 07, 2013, 09:33:45 PM
#76
The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Why not reveal it?  It was going to be discovered eventually by those trying to fix the forum and revealing that a two year old backdoor was used made it more difficult for theymos to claim it was some new, previously unheard of exploit.  There's some lulz to be had when you tell someone how you did something just after it happens and it still takes them days to find and fix the problem.
hero member
Activity: 495
Merit: 507
October 07, 2013, 09:11:58 PM
#75
The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Revealed as explained or used? It would probably be a mixture of courtesy, "wtf the two year old backdoor still works" factor and just sharing knowledge.

Yes, that was a scary run, hopefully won't happen again.  Any *cough* um, accusations of who attacked?



Are you the same surebet that's a member of this exploit database site http://1337day.com that has a private section containing SMF exploits?

No.
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
October 07, 2013, 07:53:33 PM
#74
I'm all for an upgrade. Also, why do we need ads seeing as we have a huge fund to pay for the forum? They are really annoying.
sr. member
Activity: 294
Merit: 250
Let's Start a Cryptolution!!
October 07, 2013, 07:49:40 PM
#73
My forum is back thank god. I felt so empty without my BTC talk.

Great work theymos!!
staff
Activity: 3304
Merit: 4115
October 07, 2013, 06:30:46 PM
#72
SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

iirc the latest build is 2.0.5 and is quite secure....

It's got more features, which means more vulnerabilities. He's right, it's more than likely better to stay on this version. Although, upgrading to a different forum system may be better but would require more downtime and more hassle.
hero member
Activity: 686
Merit: 504
always the student, never the master.
October 07, 2013, 06:26:08 PM
#71
SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

iirc the latest build is 2.0.5 and is quite secure....
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
October 07, 2013, 05:26:58 PM
#70
Securing the forum requires fewer people with access not upgrading to an unknown quantity. At least using an older version means most of the vulnerabilities are known.
administrator
Activity: 5222
Merit: 13032
October 07, 2013, 05:18:14 PM
#69
SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
October 07, 2013, 05:14:51 PM
#68
Don't fool yourself into a false sense of security. SMF v2.0.2 has many vulnerabilities.
It seems like you are referring to the same vulnerabilities referenced in this thread:

http://www.simplemachines.org/community/index.php?topic=482530.0

The SMF Project Manager had this to say about it:
Quote
this is, essentially, BS...

not because it's not true... but because in order to take advantage of it, the person needs to already have access to the admin section...  and if you have full access to the admin section, you already have access to ALL of the users' data and the ability to upload packages - so this "injection" complaint is really kinda silly.

Not that I really care if we update or not, because I can understand the advantages and disadvantages of both actions. But I would like to see something happen to make this forum a bit more secure.